Re: Best Authentication Provider

From: David Lozzi (dlozzi_at_(removethis)delphi-ts.com)
Date: 07/20/05


Date: Wed, 20 Jul 2005 14:19:04 -0400

I said I can't seem to pull the other data, that is because I can't seem to
add it.

"David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
news:%23P5nSXVjFHA.3544@TK2MSFTNGP15.phx.gbl...
> Thank you for your help! It helped a lot. I got my sample app here:
>
> users are redirected to login.aspx. After entering username and password,
> formsauthentication is taken care of and cookies and all that stuff. After
> this is happy, it then redirects the user to default.aspx, at which point
> I can pull the user's username (context.user.identity.name).
>
> I can't seem to figure out how to pull the remaining information about the
> user, security level, full name, email addy, etc. This is usually stored
> in a session state but I see no session info in this. I can think of one
> possible solution, and that would be to query the database every time I
> needed this information. Is this a good idea? Is this better than a
> session state?
>
> Thanks!
>
> David Lozzi
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:621141632574614842703824@news.microsoft.com...
>> Hello David,
>>
>> inline
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> Howdy,
>>>
>>> I've written a few apps already and I have done custom authentication
>>> like so: prompt for user name and password, verify information against
>>> SQL table, then load returned username, ID, security, etc. into
>>> session state. This works and frankly I'm not sure why I'm posting
>>> this except for that I want to be 'correct' in my apps.
>>>
>>> I notice .Net supports Authentication Modes. Which is the better one
>>> to use? I have a basic understanding of each provider and it appears
>>> that the Forms Authentication Provider is the preferred method? Using
>>> Forms, how do I specify the database table in SQL to use? Also, once
>>> validated, it loads the user information into a cookie for later
>>> retrieval. Can I load more information into this cookie, like custom
>>> security levels, etc. Currently, I basically have a range from 1
>>> through 10 specifying security levels, will this still work or does
>>> Forms process security itself?
>>
>> You do that manually - you have to provide a login page - and handle the
>> login button click event - then you go to a datastore and validate
>> credentials. The authentication cookie contains a 'UserData' field where
>> you can store arbitrary additional information, e.g. Roles or what you
>> call Security Levels. Upon each request then you create an IPrincipal
>> implementation and attach it to the current thread.
>>>
>>> Same questions with Windows Auth. I've used Windows Auth in some
>>> legacy ASP apps and was able to determine security levels by a user's
>>> membership to domain groups. Does this provider work the same? How do
>>> I read the security information?
>>
>> Regardless of what AuthType you use - the IPrincipal which is accessible
>> through Page.User or Context.User contains an IsInRole("") method to query
>> role membership
>>
>> I have a full working example of FormsAuth on my blog - this should get
>> you started... feel free to ask more questions after you looked at the
>> code.
>> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a
>>
>>>
>>> Eh, PassPort is cool but it's not necessary for me so I don't care enough
>>> to ask.
>>>
>>> I've been reading through MSDN articles pertaining to these but my
>>> questions can't seem to get answered with MS Docs. Any help and
>>> clarity is greatly appreciated!
>>>
>>> Thanks!
>>>
>>> David Lozzi
>>>
>>
>>
>>
>
>
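
An added example, not code from this thread or from the blog post linked in it: one way to put extra data into the forms ticket's UserData field at login and to rebuild an IPrincipal from it on each request. It assumes .NET 2.0 or later; the class name `TicketHelper`, the `level|fullName` layout and the `LevelN` role names are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class TicketHelper   // hypothetical helper, not a framework class
{
    // Call from the login button handler AFTER the credentials were validated
    // against the data store. Then redirect with Response.Redirect(
    // FormsAuthentication.GetRedirectUrl(userName, false)); RedirectFromLoginPage
    // would issue its own ticket without UserData and overwrite this one.
    public static void IssueTicket(HttpResponse response, string userName,
                                   int securityLevel, string fullName)
    {
        // UserData is a free-form string; keep it short, the cookie is limited to ~4 KB.
        string userData = securityLevel + "|" + fullName;   // assumed layout

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, userData, FormsAuthentication.FormsCookiePath);

        // Encrypt() applies the <forms protection="..."> setting (default All:
        // encrypted and integrity-checked), so the client cannot edit the level.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                           // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;   // follows <forms requireSSL>
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax. By then the
    // FormsAuthenticationModule has decrypted the cookie into a FormsIdentity.
    public static void AttachPrincipal(HttpContext context)
    {
        if (context.User == null) return;
        FormsIdentity identity = context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] parts = identity.Ticket.UserData.Split(new char[] { '|' }, 2);
        int level;
        if (parts.Length != 2 || !int.TryParse(parts[0], out level)) return;

        // Expose the level as a role so pages can call User.IsInRole("Level5").
        string[] roles = new string[] { "Level" + level };
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

Values carried in the ticket stay as issued until it expires, so a changed security level only takes effect at the next login unless the ticket lifetime is kept short or the level is re-read from the database.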

